^ US Only
1. Standalone anti-virus and anti-spyware available separately for free in Microsoft Security Essentials.
2. Microsoft includes hard drive encryption only in their top of the line "Ultimate" version of Windows 7 and Vista.
3. Hard Drive Encryption for laptops is available for an additional fee.

Windows 7 does not include antivirus protection. However, Microsoft and other vendors do offer free basic antivirus scanning programs like Microsoft Security Essentials. Most threats can eventually be detected by these antivirus programs, but only after they have been discovered "in the wild" and recorded.

New viruses and spyware are created everyday. This means that the real danger lies in the threats your basic antivirus has not heard about yet and therefore cannot detect.

Why would you need more than antivirus software?
Detection of new viruses by antivirus programs is less than 70% successful, according to retrospective, proactive testing of antivirus programs.

Source: AV-Comparatives Proactive/retrospective test May 2009. AV-Comparatives is an independent organization thattests how well different antivirus engines detect viruses and other threats.

While independent testing shows that many antivirus programs score over 90% in catching known malware, you may not have heard that the testing also shows that retroactive, proactive detection of unknown, new malware is less than 70% successful.

Our answer to this problem is to add several other ways of spotting the bad guys and keeping them off your computer in the first place.

The Microsoft Windows 7 operating system does not include full firewall protection. Firewalls stop malicious attacks from entering or exiting your system. Without full protection, you and your system are vulnerable to common attacks. See the leak test results for proof.

Full firewall protection provides both perimeter and operating-system firewall protection. By default, Windows 7 includes a basic inbound firewall and the option to configure some basic outbound firewall protection. But even with all of these controls on, Windows 7 remains vulnerable to other firewall and operating system attacks. Only the ZoneAlarm OSFirewall™ guards against suspicious behavior all the way down to the operating system level.

What can go wrong if I only have the default Windows 7 firewall? There are a number of ways hackers get past the kind of basic inbound firewall found in Windows 7 and other products. This is why we created our OSFirewall to protect you from threats like these:

Download deceptions — You or someone who uses your computer is deceived into installing a seemingly safe download, such as a screensaver, which hides malicious software in it. This "trojan horse" malware can be used to set up access for hackers.

Spoofing attacks — A person or program masquerades as another by falsifying data in order to trick the inbound firewall. Once the intruder is in, only an outbound and OS-level firewall can protect you by detecting and blocking his suspicious behavior.

Rootkits — These are programs that enable secret privileged access to your computer or network. Hackers typically install them by exploiting vulnerability or cracking a password. They may be discovered by strong antivirus software, but are difficult to detect before they do harm because they activate each time your computer starts up.

Security exploits — These are programs crafted to take advantage of a security hole or "back door." Hackers use vulnerability scanners to quickly check computers for such known weaknesses. Research shows that most people are inadvertently running outdated, hacker-friendly software that allows security exploits.1

ZoneAlarm products are famous for their award-winning firewall, which works hard to protect you from all of the above. And it's fully compatible with Windows 7.

Of 51 firewall leak tests, ZoneAlarm Extreme Security on Windows 7 passed 100%. Windows 7 alone, with default security settings, failed 33% of the same set of tests. Results of some of these tests are shown below.

Breakout2 creates and HTML page locally that points to its target URL. Then, it enables Active Desktop and sets its HTML page as your desktop wallpaper. If your firewall fails this test, then your firewall does not check for Active Desktop abuse.

Leaktest was designed to test whether just renaming a malicious program with the name of an authorized application could allow it to bypass your firewall. If your firewall fails, then your firewall trusts your applications by there name (characters) instead of by a crypted fingerprint, e.g., MD5 (Message-Digest algorithm 5) which is a widely-used cryptographic hash function with a 128-bit hash value.

Yalta has both a classical test, and an advanced test. The classical test tries to send UDP packets toward ports that are often allowed, e.g., 53 (DNS), 21 (FTP). The advanced test uses a driver to send packets directly to the network interface, going under TCP/IP layer. If your firewall fails this test, then your firewall may allow traffic that you did not initiate on pre-configured ports.

Generally, when an application accesses the Internet, your firewall uses the Windows API to retrieve the parent PID. Ghost changes the PID by shutting itself down and restarting to continue to send data. If your firewall fails this test, then your firewall's parent/child network access monitoring is checking too late.

Instead of directly modifying the target process memory, Jumper makes the target load its foriegn DLL by itself. To do so, Jumper writes to the 'AppInit_DLLs' registry entry, and then kills explorer.exe which is reloaded automatically by Windows. Once inside the Jumper DLL modifies your Internet Explorere (IE) start page registry entry with all the data it wants to transmit, and then launches IE. If your firewall fails this test, then your firewall is not monitoring the critical registry entries.

On XP all DNS requests from various applications are transmitted to the DNS client (SVCHOST.EXE). This behavior can be used to transmit data to a remote computer by crafting a special DNS request without the firewall noticing it. DNStester uses this kind of DNS recursive request to bypass your firewall. If your firewall fails this test, then your firewall checks too late for DNS requests.

Thermite injects it's code into the target process directly by creating an additional malicious thread within that process that is totally invisible to some firewalls. If your firewall fails this test, then your firewall is vulnerable to process injection.

CPIL tries to find explorer.exe and patch its memory. Then with the infected explorer.exe, CPIL attempts to transmit data to remote servers using your default browser. If your firewall fails this test, then it may fail to monitor suspicious code injection.

FireHole uses your default web browser to transmit data to a remote host. To do this, it installs a DLL file onto your PC in same process space as a trusted application, so it has a greater probability of accessing the Internet stealthily. If your firewall fails this test, then your firewall doesn't control applications that launch others, and is also vulnerable to DLL injection.

Flank

Kernel4

Keylog3

Keylog7

NewClass

Schedtest2

SockSnif

Tests were run using independent, publicly available leak tests from Matousec.com. Believed accurate based on research performed the week of October 14, 2009; this list of tests is not exhaustive. The ZoneAlarm Program Control was set to Maximum, the setting that most users are in by default after a short learning period.

1. Will ZoneAlarm be compatible with the Windows 7 operating system when it releases?
Yes, ZoneAlarm users with active subscriptions (ZoneAlarm Extreme Security, ZoneAlarm Internet Security Suite, Zonealarm PRO Antivirus + Firewall, ZoneAlarm Pro, and ZoneAlarm free firewall) will be able to download a free ZoneAlarm 9 (2010) update that supports Windows 7 when it releases.

2. What about ForceField, will it be compatible with Windows 7?
The standalone ZoneAlarm ForceField product will not be compatible at the time of the Windows 7 release, but will be ready later in 2009. At that time, users with active ForceField subscriptions will be able to download a free update that supports Windows 7.

However, the new Browser Security features included in ZoneAlarm 9 products (ZoneAlarm Extreme Security, ZoneAlarm Internet Security Suite, Zonealarm PRO Antivirus + Firewall, ZoneAlarm Pro, ZoneAlarm) will be compatible with Windows 7 upon its release.

Tip: The Browser Security features included in ZoneAlarm Extreme Security will be the same as the ZoneAlarm ForceField features. This means you could uninstall ForceField before upgrading to ZoneAlarm Extreme Security 9 (2010) and not lose any features.

3. If I have an active ZoneAlarm subscription will I be able to upgrade to the Windows 7 compatible version for free?
Yes, regardless of the version of ZoneAlarm you are running, or which operating system you are currently using, as long as you have an active ZoneAlarm license subscription, you will be able to download a free upgrade that supports Windows 7.

5. Before Windows 7 releases, can I install ZoneAlarm 9 (2010) onto a pre-release version of Windows 7?
You can, but be aware that some parts of the product are still in beta with known issues for pre-release Windows 7. You can also install newer beta versions of ZoneAlarm 9 at our Beta Center.

6. How do I know which version of ZoneAlarm I have?

Open ZoneAlarm and click Overview > Product Info.

Your Version Information is shown at the top.

For example, "version 8.0.298.035" means you have ZoneAlarm 8.

7. Before upgrading to the Windows 7 operating system will there be anything a ZoneAlarm user needs to do?

ZoneAlarm 9 on Windows Vista: You will need to uninstall ZoneAlarm and install the Windows 7 compatible version of ZoneAlarm before upgrading to the official release of Windows 7.

ZoneAlarm 9 on Windows XP: You can upgrade to the official release of Windows 7 with your ZoneAlarm 9 product installed. You may update ZoneAlarm before or after you upgrade to Windows 7, but we recommend updating beforehand

Other ZoneAlarm users: If you are running a ZoneAlarm product that is older than ZoneAlarm 9, you will need to upgrade to the Windows 7 compatible version of ZoneAlarm before upgrading your operating system

8. Are the ZoneAlarm Extreme Security add-on features like PC Tune-up also supported on Windows 7?
Yes. The add-on features will also be fully supported in the Windows 7 compatible version of ZoneAlarm.

9. How to purchase a Windows 7 version of ZoneAlarm: Please click on the appropriate product.